Critical Flaw in Vibe-Coding Platform Base44 Exposed Apps – Dark Reading
A now-patched authentication issue on the popular vibe-coding platform gave unauthorized users open access to any private application on Base44. – Read More
2025
Chaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. Victims – The Hacker News
A newly emerged ransomware-as-a-service (RaaS) gang called Chaos is likely made up of former members of the BlackSuit crew, as the latter’s dark web infrastructure has been the subject of…
Supply Chain Attacks Spotted in GitHub Actions, Gravity Forms, npm – Dark Reading
Researchers discovered backdoors, poisoned code, and malicious commits in some of the more popular tool developers, jeopardizing software supply chains. – Read More
Auto-Color RAT targets SAP NetWeaver bug in an advanced cyberattack – CSO Online
Threat actors recently tried to exploit a freshly patched max-severity SAP Netweaver flaw to deploy a persistent Linux remote access trojan (RAT) “Auto-Color.” According to a Darktrace report, a recent…
How the Browser Became the Main Cyber Battleground – The Hacker News
Until recently, the cyber attacker methodology behind the biggest breaches of the last decade or so has been pretty consistent: Compromise an endpoint via software exploit, or social engineering a…
Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia’s Mobile Networks – The Hacker News
Cybersecurity researchers have discovered a new, large-scale mobile malware campaign that’s targeting Android and iOS platforms with fake dating, social networking, cloud storage, and car service apps to steal sensitive…
Travers and Mishcon bump NQ lawyer salaries – Legal Cheek
£130k and £100k Travers Smith and Mishcon de Reya are the latest major law firms to boost junior lawyer pay, as the summer salary surge continues. Travers Smith has increased…
Aspiring lawyers urged to focus on firms’ AI prowess, not just big salaries – Legal Cheek
Simmons senior partner argues that top tech could accelerate trainees’ careers A top lawyer has urged training contract hunters not to focus solely on the eye-watering salaries on offer at…
Why React Didn’t Kill XSS: The New JavaScript Injection Playbook – The Hacker News
React conquered XSS? Think again. That’s the reality facing JavaScript developers in 2025, where attackers have quietly evolved their injection techniques to exploit everything from prototype pollution to AI-generated code,…
Cybersicherheitsausgaben wachsen langsamer – CSO Online
Die Ausgaben steigen weltweit, in Deutschland aber mit leichter Delle. PeopleImages.com – Yuri A Viele Unternehmen haben bereits realisiert, wie wichtig Investitionen in Cybersicherheit sind und erhöhen dementsprechend ihre Ausgaben…
Ermittler stoppen Erpresser-Software von Blacksuit/Royal – CSO Online
Die Angreifer verschlüsseln Daten nicht nur, sondern stehlen diese vorher. AIBooth – shutterstock.com Fast 200 Opfer und ein Millionenschaden: Internationalen Ermittlern ist ein Schlag gegen weltweit agierende cyberkriminelle Erpresser gelungen.…
Nach Flugausfällen sprechen Hacker und Kreml von Angriff – CSO Online
Im Kreml spricht man von alarmierenden Nachrichten. FOTOGRIN – shutterstock.com In Moskau sind nach einem mutmaßlichen Angriff proukrainischer Hackergruppen Dutzende Flüge ausgefallen. Die staatliche russische Fluggesellschaft Aeroflot sprach zunächst von…
Law firm fined £173k for failing to flag politically exposed person in property deal – Legal Cheek
Breached anti-money laundering rules The Solicitors Regulation Authority (SRA) has fined legacy firm Taylor Vinters nearly £173,000 after it failed to flag a politically exposed person (PEP) involved in a…
The healthcare industry is at a cybersecurity crossroads – CSO Online
Healthcare is one of the largest industries in the world. In the US, healthcare spending accounts for about 17% of the country’s gross domestic product (GDP) and is expected to…
How AI red teams find hidden flaws before attackers do – CSO Online
AI systems present a new kind of threat environment, leaving traditional security models — designed for deterministic systems with predictable behaviors — struggling to account for the fluidity of an…